The UK Is Under Cyberattack, but Streamlined Incident Reporting Can Improve Resilience

Cyber battles are raging across the United Kingdom, with the country facing a “50% increase in highly significant [cyber] incidents” over a 12-month period, according to the National Cyber Security Centre’s (NCSC’s) annual report released on October 14. The cyberattack on Jaguar Land Rover (JLR), which suspended operations for six weeks beginning August 31, is proof of the report’s veracity. The JLR case is just one of several major cyberattacks on UK businesses this year.

Cyberattacks Cripple High-Profile British Corporations

NCSC CEO Richard Horne warned that cyberattacks have hit “household brands,” resulting in “empty shelves and stalled production lines.” The report highlights ransomware as “one of the most acute and pervasive cyber threats to UK organisations,” alongside nation-states and the growing “cyber intrusion sector,” referring to services and products that facilitate unauthorized access or penetration of networks, systems, or devices.

The cyberattack foremost in people’s minds in the kingdom remains JLR. Deep Specter Research speculated that hackers lingered in JLR networks for more than a year and breached customer data and internal systems. To contain economic fallout and protect jobs, Whitehall issued JLR a $2 billion government-backed loan — the first time such support has followed a cyberattack..

The criminal syndicate responsible for the attack, Scattered Spider Lapsus$ Hunters, is a conglomerate of cyber-criminal groups, including Scattered Spider. Following the JLR attack, Scattered Spider threatened to “lock Vodafone UK next and cut off peoples lines and internet” and “leak countries PMs and officials private conversations.” Earlier this year, Scattered Spider compromised national grocery chain Co-op and department store chain Marks & Spencer (M&S) — each of which saw large-scale shutdowns due to cyberattacks. The attack cost Co-op an estimated $276 million, and M&S lost nearly 30 percent of its yearly profits and resorted to pen and paper to fill orders.

Businesses Overwhelmed by Intensity of Cyberattacks

“Nothing truly prepares you for the moment a real cyber event unfolds,” Co-op CEO Shirine Khoury-Haq wrote in an open letter within the NCSC report. M&S Chairman Archie Norman similarly testified before Parliament in July, that “quite a large number” of cyberattacks never get reported to NCSC, creating “a big deficit” in national cyber awareness. He added that “simulation and ‘red team’ attacks were nothing compared with what happens and the intensity” of a real cyberattack. Red teaming in cybersecurity refers to an authorized simulation of a cyberattack against an organization’s systems, networks, or personnel.

People familiar with the UK cyber incident reporting process lament that government responses are often slow and hampered by bureaucracy. Many businesses under cyber duress must navigate fragmented reporting lines across agencies before receiving assistance.

UK Government and Businesses Must Act Proactively

Parliament should establish a centralized hub to act as a single point of contact for mandatory cyber incident reports and voluntary cyber threat indicator sharing. Currently, a British business may be expected to report a cyberattack to multiple entities — depending on the nature of the attack, industry, and those affected. Companies may not realize they should also contact the NCSC and processes for escalating to and within the NCSC, which helps with incident response, are reportedly slow. Creating a centralized point of contact — as advocated by Norman and other industry leaders — would streamline reporting, enable faster response times, and mitigate disruptions to businesses.

The UK is now the most targeted country in Europe for cyberattacks. Cyber resiliency needs to be a priority for corporations, alongside creating robust operational continuity and recovery plans. Businesses should note NCSC advice to engineer systems that “can operate and recover following a disruptive cyber intrusion.” UK Companies should also incorporate NCSC tools directly into their cybersecurity framework; such as “Exercise in a Box,”  a tool for testing resilience and response and Cyber Governance Training, which provides cybersecurity lessons for executives and boards. Companies must integrate these and other NCSC tools and resilience practices to prepare for the inevitability of future attacks.

Emmerson Overell is a project coordinator at the Foundation for Defense of Democracies (FDD) for the Center on Cyber & Technology Innovation (CCTI). For more analysis from Emmerson and FDD, please subscribe HERE. Follow FDD on X @FDD and @FDD_CCTI. FDD is a Washington, DC-based, nonpartisan research institute focusing on national security and foreign policy.